Container technology, also simply known as just a container, is a method to package an application so it can be run, with its dependencies, isolated from other processes. The major public cloud computing providers, including Amazon Web Services, Microsoft Azure and Google Cloud Platform have embraced container technology, with container software having names including the popular choices of Docker, Apache Mesos, rkt (pronounced “rocket”), and Kubernetes.
Container technology gets its name from the shipping industry. Rather than come up with a unique way to ship each product, goods get placed into steel shipping containers, which are already designed to be picked up by the crane on the dock, and fit into the ship designed to accommodate the container’s standard size. In short, by standardizing the process, and keeping the items together, the container can be moved as a unit, and it costs less to do it this way.
With computer container technology, it is an analogous situation. Ever have the situation where a program runs perfectly great on one machine, but then turns into a clunky mess when it is moved to the next? This has the potential to occur when migrating the software from a developer’s PC to a test server, or a physical server in a company data center, to a cloud server. Issues arise when moving software due to differences between machine environments, such as the installed OS, SSL libraries, storage, security, and network topology.
Just like the crane picks up the entire container as a unit to put it onto the ship or truck for transport, which facilitates the movement, computer container technology accomplishes the same thing. The container technology contains not only the software, but also the dependencies including libraries, binaries and configuration files, all together, and they get migrated as a unit, avoiding the differences between machines including OS differences and underlying hardware that lead to incompatibilities and crashes. Containers also facilitate deployment of software to a server.
Before containers gained popularity, a prior approach was virtual machines. Here, one physical server was able to be used for multiple applications via virtualization technology, also known as a virtual machine, where each virtual machine contains the entire operating system, as well as the application to run.
The physical server than runs several virtual machines, each with its own OS, with a single hypervisor emulation layer on top. By running several OS’ simultaneously, there is a lot of overhead on the server as resources get used, and the number of virtual machines is limited to but a few.
In contrast, with container technology, the server runs a single OS, as each container is able to share this single OS with the other containers on the server. The parts of the OS that are shared are read only to not interfere with the other containers. This means that compared to virtual machines, containers require less resources of the server with a lower overhead, and are significantly more efficient, so that a lot more containers can be packed onto a single server. For example, while each virtual machine may require gigabytes of storage, each container running a similar program may only need megabytes.
How do containers work?
Containers are set up to accomplish work in a multiple container architecture, termed a container cluster. In a Kubernetes container cluster, there is a single cluster master, with the other related containers designated as nodes, that are the multiple worker machines. The roles of the cluster master is to schedule the workloads for the nodes, and also to manage their lifecycle, and their upgrades.
Container technology is not a new phenomenon, and has long been a core feature for Linux. The advance in recent years of container technology it has become easier to use, and software developers have embraced them for their simplicity, and avoiding compatibility problems. They also enable a program to be broken down into smaller pieces, which are known as microservices.
The advantage of having the program as component microservices is that different teams can work on each of the containers separately as long as the interactions between the different containers are maintained, which facilitates developing software faster. Finally, container technology allows for complete granular control over the containers.
While containers are able to run all types of software, older programs that were designed to run on a virtual machine do not migrate well to the container technology. This older software running on a virtual machine can be put onto a cloud platform such as Microsoft Azure, so containers are not likely to fully replace virtual machines for the foreseeable future.
How do companies manage containers?
With so much software running as containers, managing the containers has now become a requirement, and it is arduous to borderline impossible to perform this task manually. Specialized software for container management is required, and a popular open source solution is Kubernetes, which has several distributions including Red Hat OpenShift. Container management software facilitates deployment of containers, and works well with the rapid deployment strategies of the DevOps philosophy.
Another great feature of container technology is its flexibility. With a virtual machine, it requires several minutes to boot up, just like the PC on your desk getting started up at the beginning of the day. Rather, with container technology, as the OS is already running on the server, a container can be started in a few seconds. This allows containers to be started and stopped as needed, to flex up at a time of peak demand, and to flex down when not needed.
In addition, if a container crashes, it can be to be restarted quickly so it can get back to the task. This type of management is known as container orchestration, and software such as Docker Swarm can control this type of orchestration, and distribute the tasks among the container cluster.
As multiple containers share the same operating system, there is a concern that container technology is less secure than a virtual machine. This is due to if there is a security flaw in the host kernel it will effect multiple containers. Efforts have been made to make containers more secure. One approach includes Docker requiring a signing infrastructure to prevent unauthorized containers from starting up. There is also container security software, such as Twistlock that profiles the behavior of a container, and then shuts down a container that falls outside of the expected profile.